Important – Changes to Email, FTP and Database Access (PCI Compliance)
Published by Peter Armstrong on July 18th, 2016
Spiral Hosting are committed to providing the latest software on our web servers for optimum performance and security. Today we emailed all our clients important information on changes to email, FTP and database access. It is essential that clients read the full information and take action.
To comply with PCI (payment card industry) requirements, which are important for hosting clients with e-commerce websites that process credit cards, we are making three significant changes to email access, FTP access and remote MySQL database access.
1) We are disabling plaintext authentication for email access (checking your email without encryption). It’s important all clients take steps to implement SSL/TLS (implicit encryption) or STARTTLS (explicit encryption) as soon as possible. All email access (POP3, IMAP, SMTP) will require an encrypted connection. Your connection to our email server will soon stop working if you do not implement these steps!
2) We are disabling plaintext authentication for FTP access (connecting to File Transfer Protocol without encryption). FTP access is normally used by a webmaster to upload/download files from a hosting account. It’s important your webmaster take steps to implement FTP-SSL (explicit FTP over TLS [FTPES]) as soon as possible. All FTP access will require an encrypted connection.
3) We are restricting incoming MySQL database connections. Access to MySQL port 3306 will only be permitted from remote IP addresses on our access list. Remote IPs must be granted access both in the cPanel hosting control panel and on our server firewall. Please email your requirements to our support team as soon as possible.
These requirements have been best practices for a number of years and many clients will already fulfill them, but they will now become compulsory. If you do not understand the technicalities of these changes, it’s important you discuss them with your IT manager or website developer, or email our support helpdesk.
When is it happening?
For clients on Enterprise hosting plans, the changes will take effect on THURSDAY 4 AUGUST 2016. For all other clients on our normal shared/reseller hosting plans, the changes will take effect on THURSDAY 18 AUGUST 2016. We strongly encourage you to re-configure your email clients much earlier.
1) Encrypted email access
We recommend all clients make a list of all email programs (MS Outlook, Thunderbird, Apple Mail etc.) and also any email devices (iPhone, iPad, Android etc.) and review their email configurations. This is particularly important for business clients who might have an office with lots of desktop computers, laptops and phones that need to be re-configured. Don’t forget the office scanner or photocopier (if it sends email)!
We have created a guide on how to check MS Outlook, Thunderbird, Apple and iPad/iPhone email applications: https://secure.spiralhosting.com/knowledgebase.php?action=displayarticle&id=159
Your connection to our email server will soon stop working if you do not implement these steps!
2) Encrypted FTP access
Make sure your IT person or web developer knows about these changes so they can update their FTP client settings to use SSL/TLS. If they use an FTP client like FileZilla, they must make sure “Explicit FTP over TLS” is selected as the encryption type. “Plain FTP” will no longer work.
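The inventory review recommended in sections 1 and 2, as an added example that is not Spiral Hosting's own tooling: this Python script reads a constructed device list and flags every email or FTP entry that will stop working once plaintext authentication is disabled. The CSV columns, the security labels and the IANA-standard port numbers are assumptions; take the real settings from the provider's guide.

```python
import csv
import io

# Constructed inventory for illustration; not real client data.
SAMPLE_INVENTORY = """device,protocol,port,security
Reception PC Outlook,imap,143,none
Reception PC Outlook,smtp,587,starttls
Director iPhone,imap,993,ssl/tls
Office scanner,smtp,25,none
Warehouse laptop Thunderbird,pop3,995,starttls
Webmaster FileZilla,ftp,21,none
Agency FileZilla,ftp,21,explicit-tls
"""

# Assumption: IANA-standard ports. Implicit TLS is encrypted from connect;
# STARTTLS/explicit TLS upgrades a session opened on the ordinary port.
IMPLICIT_PORTS = {"imap": 993, "pop3": 995, "smtp": 465}
MAIL = {"imap", "pop3", "smtp"}

def check(row):
    """Return (status, reason) for one inventory row under the new rules."""
    proto = row["protocol"].strip().lower()
    sec = row["security"].strip().lower()
    port = int(row["port"])
    if sec == "none":
        return "WILL_BREAK", "plaintext authentication is being disabled"
    if proto in MAIL:
        implicit_port = port == IMPLICIT_PORTS[proto]
        if sec == "ssl/tls" and not implicit_port:
            return "REVIEW", f"implicit TLS set on port {port}, expected {IMPLICIT_PORTS[proto]}"
        if sec == "starttls" and implicit_port:
            return "REVIEW", f"STARTTLS set on implicit-TLS port {port}"
        if sec in ("ssl/tls", "starttls"):
            return "OK", "encrypted connection"
    if proto == "ftp" and sec == "explicit-tls":
        return "OK", "Explicit FTP over TLS (FTPES)"
    return "REVIEW", f"unrecognised combination {proto}/{sec}"

def audit(text):
    """Parse the inventory CSV; return (device, protocol, status, reason) tuples."""
    return [(r["device"], r["protocol"], *check(r)) for r in csv.DictReader(io.StringIO(text))]

if __name__ == "__main__":
    for device, proto, status, reason in audit(SAMPLE_INVENTORY):
        print(f"{status:<10} {device} [{proto}]: {reason}")
```

Entries marked REVIEW are encrypted but pair a security mode with a port that normally expects the other mode, which is a common cause of connection failures after re-configuring a client.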
3) Restricted MySQL access
If you have computer software that requires an incoming connection to our MySQL database, it’s important your IP address has the correct access. Remote IPs must be granted access both in the cPanel hosting control panel and server firewall. It’s important all clients whose websites have remote incoming database connections discuss their requirements with our support team as soon as possible.
We’re gradually rolling out some changes and we’re making sure our web servers have the latest software for both security and ease of use. It’s important to keep your site up to date, so please check your site once the update has been completed at the time given above.
As always, if you have any questions, get in touch via support ticket and our team will be happy to assist you.